diff --git a/.github/actions/bootstrap/action.yaml b/.github/actions/bootstrap/action.yaml
index 2247369..c5a418c 100644
--- a/.github/actions/bootstrap/action.yaml
+++ b/.github/actions/bootstrap/action.yaml
@@ -9,6 +9,9 @@ inputs:
 description: "Prefix all cache keys with this value"
 required: true
 default: "831180ac25"
+ tools:
+ description: "whether to install tools"
+ default: "true"
 bootstrap-apt-packages:
 description: "Space delimited list of tools to install via apt"
 default: ""
@@ -23,6 +26,7 @@ runs:
 - name: Restore tool cache
 id: tool-cache
 uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 #v3.3.2
+ if: inputs.tools == 'true'
 with:
 path: ${{ github.workspace }}/.tool
 key: ${{ inputs.cache-key-prefix }}-${{ runner.os }}-tool-${{ hashFiles('Taskfile.yaml') }}-${{ hashFiles('**/go.sum') }}
@@ -32,6 +36,7 @@ runs:
 - name: (cache-miss) Bootstrap project tools
 shell: bash
+ if: inputs.tools == 'true'
 run: make ci-bootstrap-tools
 - name: Bootstrap go dependencies
diff --git a/.github/workflows/update-anchore-dependencies.yml b/.github/workflows/update-anchore-dependencies.yml
new file mode 100644
index 0000000..bf0a909
--- /dev/null
+++ b/.github/workflows/update-anchore-dependencies.yml
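Review bot: The new `tools` input is only ever tested as a string (`if: inputs.tools == 'true'` in both `runs:` hunks), so any value other than the exact lowercase string `true` silently skips the tool cache restore and `make ci-bootstrap-tools`, and the description does not say so. I would state the contract on the input itself, e.g. `description: "Install project tools (tool cache restore and make ci-bootstrap-tools); only the exact string 'true' enables this, any other value skips both steps"`. If a step outside these hunks reads `steps.tool-cache.outputs.cache-hit`, it will see an empty value when the restore step is skipped; the rest of `runs:` is not visible here, so that is worth confirming.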
@@ -0,0 +1,49 @@
+name: PR to update Anchore dependencies
+on:
+ workflow_dispatch:
+ inputs:
+ repos:
+ description: "List of dependencies to update"
+ required: true
+ type: string
+
+permissions:
+ contents: read
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+ if: github.repository_owner == 'anchore' # only run for main repo (not forks)
+ steps:
+ - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 #v4.2.1
+
+ - name: Bootstrap environment
+ uses: ./.github/actions/bootstrap
+ with:
+ tools: false
+ bootstrap-apt-packages: ""
+
+ - name: Update dependencies
+ id: update
+ uses: anchore/workflows/.github/actions/update-go-dependencies@main
+ with:
+ repos: ${{ github.event.inputs.repos }}
+
+ - uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a #v2.1.0
+ id: generate-token
+ with:
+ app_id: ${{ secrets.TOKEN_APP_ID }}
+ private_key: ${{ secrets.TOKEN_APP_PRIVATE_KEY }}
+
+ - uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f #v7.0.5
+ with:
+ signoff: true
+ delete-branch: true
+ draft: ${{ steps.update.outputs.draft }}
+ # do not change this branch, as other workflows depend on it
+ branch: auto/integration
+ labels: dependencies,pre-release
+ commit-message: "chore(deps): update anchore dependencies"
+ title: "chore(deps): update anchore dependencies"
+ body: ${{ steps.update.outputs.summary }}
+ token: ${{ steps.generate-token.outputs.token }}
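Review bot: `uses: anchore/workflows/.github/actions/update-go-dependencies@main` in the "Update dependencies" step is the only action here referenced by a mutable branch; every other `uses:` in the workflow is pinned to a commit SHA. That step shares a job and workspace with the later steps that mint a GitHub App token from `TOKEN_APP_PRIVATE_KEY` and push `auto/integration`, so whatever `main` resolves to at run time shapes the tree and environment those token-bearing steps act on. Pin it like the others, `uses: anchore/workflows/.github/actions/update-go-dependencies@<full-commit-sha> # <ref>`, and let the dependency bot bump it. The token step passes only `app_id` and `private_key`; if the pinned `tibdex/github-app-token` version offers inputs to narrow the token's permissions or repositories, restricting it to what opening the PR needs would limit the impact of a leak (confirm against that action's inputs). Finally, `tools: false` relies on the YAML boolean being coerced to the string `false`; writing `tools: "false"` matches the quoted string default declared in the bootstrap action.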